Commit Graph

21749 Commits

Author SHA1 Message Date
Stefan Weil
8bd6b06d7b console: Fix warning from clang (and potential crash)
ccc-analyzer reports this warning:

console.c:1090:29: warning: Dereference of null pointer
        if (active_console->cursor_timer) {
                            ^

Function console_select allows active_console to be NULL,
but would crash when accessing cursor_timer. Fix this.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-31 10:05:22 -05:00
Anthony Liguori
23aec6005a Merge remote-tracking branch 'kraxel/usb.61' into staging
* kraxel/usb.61:
  uas: move transfer kickoff
  ehci: Fix interrupt endpoints no longer working
  ehci: handle TD deactivation of inflight packets
  ehci: add ehci_cancel_queue()
  ehci: simplify ehci_state_executing
  ehci: Remove unnecessary ehci_flush_qh call
  ehci: Schedule async-bh when IAAD bit gets set
  ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
  usb: unique packet ids
  usb: Halt ep queue en cancel pending packets on a packet error
  fix info qtree indention
2012-08-31 10:04:54 -05:00
Anthony Liguori
cdedd9d867 Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
  qemu-iotests: add backing file smaller than image test case
  stream: complete early if end of backing file is reached
  qed: refuse unaligned zero writes with a backing file
2012-08-31 10:04:18 -05:00
Gerd Hoffmann
347e40ffe6 uas: move transfer kickoff
Kick next scsi transfer from request release callback instead of command
completion callback, otherwise we might get stuck in case scsi_req_unref()
doesn't release the request instantly due to someone else holding a
reference too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 15:47:57 +02:00
Hans de Goede
adf478342b ehci: Fix interrupt endpoints no longer working
One of the recent changes (likely the addition of queuing support) has broken
interrupt endpoints, this patch fixes this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31 15:47:57 +02:00
Gerd Hoffmann
287fd3f1dd ehci: handle TD deactivation of inflight packets
Check the TDs of inflight packets, cancel
packets in case the guest clears the active bit.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 15:47:35 +02:00
Gerd Hoffmann
c7cdca3b85 ehci: add ehci_cancel_queue()
Factor out function to cancel all packets of a queue.
No behavior change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 12:02:15 +02:00
Hans de Goede
574ef17191 ehci: simplify ehci_state_executing
ehci_state_executing does not need to check for p->usb_status == USB_RET_ASYNC
or USB_RET_PROCERR, since ehci_execute_complete already does a similar check
and will trigger an assert if either value is encountered.

USB_RET_ASYNC should never be the packet status when execute_complete runs
for obvious reasons, and USB_RET_PROCERR is only used by ehci_state_execute /
ehci_execute not by ehci_state_executing / ehci_execute_complete.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 12:02:15 +02:00
Hans de Goede
53dd6f7032 ehci: Remove unnecessary ehci_flush_qh call
ehci_qh_do_overlay() already calls ehci_flush_qh() before it returns, calling
it twice is useless.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 11:58:03 +02:00
Hans de Goede
a1c3e4b839 ehci: Schedule async-bh when IAAD bit gets set
After the "ehci: Print a warning when a queue unexpectedly contains packets
on cancel" commit. Under certain reproducable conditions I was getting the
following message: "EHCI: Warning queue not empty on queue reset".

After aprox. 8 hours of debugging I've finally found the cause. The Linux EHCI
driver has an IAAD watchdog, to work around certain EHCI hardware sometimes
not acknowledging the doorbell at all. This watchdog has a timeout of 10 ms,
which is less then the time between 2 runs through the async schedule when
async_stepdown is at its highest value.

Thus the watchdog can trigger, after which Linux clears the IAAD bit and
re-uses the QH. IOW we were not properly detecting the unlink of the qh, due
to us missing (ignoring for more then 10 ms) the IAAD command, which triggered
the warning.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31 11:58:03 +02:00
Hans de Goede
7ce86aa1aa ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31 11:57:41 +02:00
Gerd Hoffmann
e983395d30 usb: unique packet ids
This patch adds IDs to usb packets.  Those IDs are (a) supposed to be
unique for the lifecycle of a packet (from packet setup until the packet
is either completed or canceled) and (b) stable across migration.

uhci, ohci, ehci and xhci use the guest physical address of the transfer
descriptor for this.

musb needs a different approach because there is no transfer descriptor.
But musb also doesn't support pipelining, so we have never more than one
packet per endpoint in flight.  So we go create an ID based on endpoint
and device address.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 11:57:23 +02:00
Hans de Goede
0132b4b659 usb: Halt ep queue en cancel pending packets on a packet error
For controllers which queue up more then 1 packet at a time, we must halt the
ep queue, and inside the controller code cancel all pending packets on an
error.

There are multiple reasons for this:
1) Guests expect the controllers to halt ep queues on error, so that they
get the opportunity to cancel transfers which the scheduled after the failing
one, before processing continues

2) Not cancelling queued up packets after a failed transfer also messes up
the controller state machine, in the case of EHCI causing the following
assert to trigger: "assert(p->qtdaddr == q->qtdaddr)" at hcd-ehci.c:2075

3) For bulk endpoints with pipelining enabled (redirection to a real USB
device), we must cancel all the transfers after this a failed one so that:
a) If they've completed already, they are not processed further causing more
   stalls to be reported, originating from the same failed transfer
b) If still in flight, they are cancelled before the guest does
   a clear stall, otherwise the guest and device can loose sync!

Note this patch only touches the ehci and uhci controller changes, since AFAIK
no other controllers actually queue up multiple transfer. If I'm wrong on this
other controllers need to be updated too!

Also note that this patch was heavily tested with the ehci code, where I had
a reproducer for a device causing a transfer to fail. The uhci code is not
tested with actually failing transfers and could do with a thorough review!

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 11:55:17 +02:00
Gerd Hoffmann
da9fbe76a0 fix info qtree indention
Without the patch bus properties are are not in line with the other
properties:

[ ... ]
  dev: fw_cfg, id ""
    ctl_iobase = 0x510
    data_iobase = 0x511
      irq 0
      mmio ffffffffffffffff/0000000000000002
      mmio ffffffffffffffff/0000000000000001
[ ... ]

With the patch applied everything is lined up properly:

[ ... ]
  dev: fw_cfg, id ""
    ctl_iobase = 0x510
    data_iobase = 0x511
    irq 0
    mmio ffffffffffffffff/0000000000000002
    mmio ffffffffffffffff/0000000000000001
[ ... ]

Needed to make the autotest qtree parser happy.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 10:16:11 +02:00
Stefan Weil
b834b5081d w32: Fix broken build
Commit ef8621b1a3 added an include
file which is not available for MinGW compilations.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-30 16:36:21 -05:00
Anthony Liguori
c9a238e700 Update version for 1.2.0-rc2
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-30 07:45:28 -05:00
Stefan Weil
5bb0b62e75 scsi-disk: Fix typo (uint32 -> uint32_t)
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 17:47:44 -05:00
Michael S. Tsirkin
3cac001e5a msix: make [un]use vectors on reset/load optional
The facility to use/unuse vectors dynamically is helpful
for virtio but little else: everyone just seems to use
vectors in their init function.

Avoid clearing msix vector use info on reset and load.
For virtio, clear it explicitly.
This should fix regressions reported with ivshmem - though
I didn't test this, I verified that virtio keeps
working like it did.

Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 17:46:26 -05:00
Michael S. Tsirkin
bc9a839d56 kvm: get/set PV EOI MSR
Support get/set of new PV EOI MSR, for migration.
Add an optional section for MSR value - send it
out in case MSR was changed from the default value (0).

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 10:51:28 -05:00
Michael S. Tsirkin
651682dcf5 linux-headers: update to 3.6-rc3
Update linux-headers to version present in Linux 3.6-rc3.
Header asm-x96_64/kvm_para.h update is needed for the new PV EOI
feature.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 10:51:28 -05:00
Anthony Liguori
ef8621b1a3 target-i386: disable pv eoi to fix migration across QEMU versions
We have a problem with how we handle migration with KVM paravirt features.
We unconditionally enable paravirt features regardless of whether we know how
to migrate them.

We also don't tie paravirt features to specific machine types so an old QEMU on
a new kernel would expose features that never existed.

The 1.2 cycle is over and as things stand, migration is broken.  Michael has
another series that adds support for migrating PV EOI and attempts to make it
work correctly for different machine types.

After speaking with Michael on IRC, we agreed to take this patch plus 1 & 4
from his series.  This makes sure QEMU can migrate PV EOI if it's enabled, but
does not enable it by default.

This also means that we won't unconditionally enable new features for guests
future proofing us from this happening again in the future.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 10:51:20 -05:00
Gleb Natapov
4d09d37c6a reset PMBA and PMREGMISC PIIX4 registers.
The bug causes Windows + OVMF hang after reboot since OVMF
checks PMREGMISC to see if IO space is enabled and skip
configuration if it is.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 09:30:31 -05:00
Stefan Weil
4bdb1a3059 qemu-ga: Fix null pointer passed to unlink in failure branch
Clang reports this warning:

Null pointer passed as an argument to a 'nonnull' parameter

Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 08:25:55 -05:00
Jan Kiszka
7e2a62d82a memory: Fix copy&paste mistake in memory_region_iorange_write
The last argument of find_portio is "write", so this must be true here.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 08:25:37 -05:00
Cam Macdonell
7e7de876ae ivshmem: remove redundant ioeventfd configuration
setup_ioeventfds() is unnecessary and actually causes a segfault when used
ioeventfd=on is used on the command-line.  Since ioeventfds are handled within
the memory API, it can be removed.

Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 08:23:50 -05:00
Peter Maydell
998a74bcda hw/arm_gic.c: Define .class_size in arm_gic_info TypeInfo
Add the missing .class_size definition to the arm_gic_info TypeInfo.
This fixes the memory corruption and possible segfault that otherwise
results when the class struct is allocated at too small a size and
the class init function writes off the end of it.

Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 08:23:40 -05:00
Stefan Hajnoczi
774a8850d7 qemu-iotests: add backing file smaller than image test case
This new test case checks that streaming completes successfully when the
backing file is smaller than the image file.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-29 15:23:35 +02:00
Stefan Hajnoczi
571cd9dcc7 stream: complete early if end of backing file is reached
It is possible to create an image that is larger than its backing file.
Reading beyond the end of the backing file produces zeroes if no writes
have been made to those sectors in the image file.

This patch finishes streaming early when the end of the backing file is
reached.  Without this patch the block job hangs and continually tries
to stream the first sectors beyond the end of the backing file.

To reproduce the hung block job bug:

  $ qemu-img create -f qcow2 backing.qcow2 128M
  $ qemu-img create -f qcow2 -o backing_file=backing.qcow2 image.qcow2 6G
  $ qemu -drive if=virtio,cache=none,file=image.qcow2
  (qemu) block_stream virtio0
  (qemu) info block-jobs

The qemu-iotests 030 streaming test still passes.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-29 15:23:35 +02:00
Stefan Hajnoczi
ef72f76e58 qed: refuse unaligned zero writes with a backing file
Zero writes have cluster granularity in QED.  Therefore they can only be
used to zero entire clusters.

If the zero write request leaves sectors untouched, zeroing the entire
cluster would obscure the backing file.  Instead return -ENOTSUP, which
is handled by block.c:bdrv_co_do_write_zeroes() and falls back to a
regular write.

The qemu-iotests 034 test cases covers this scenario.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-29 15:23:35 +02:00
Anthony Liguori
1e2778d59d Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
  iscsi: Set number of blocks to 0 for blank CDROM devices
  scsi: more fixes to properties for passthrough devices
  esp: support 24-bit DMA
  megasas: Add 'hba_serial' property
2012-08-29 08:23:18 -05:00
Anthony Liguori
7dd6f4b250 Merge remote-tracking branch 'riku/linux-user-for-upstream' into staging
* riku/linux-user-for-upstream:
  linux-user: Clarify "Unable to reserve guest address space" error
  linux-user: fix emulation of getdents
  linux-user: arg_table need not have global scope
2012-08-29 08:22:02 -05:00
Aurelien Jarno
18fec301cd tcg/mips: fix broken CONFIG_TCG_PASS_AREG0 code
The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was
broken in that it did not respect the ABI requirement that 64
bit values were passed in even-odd register pairs. The simplest
way to fix this is to implement some new utility functions
for marshalling function arguments into the correct registers
and stack, so that the code which sets up the address and
data arguments does not need to care whether there has been
a preceding env argument.

Based on commit 9716ef3b for ARM by Peter Maydell.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-28 20:38:39 +02:00
Aurelien Jarno
ce67604048 Update OpenBIOS PPC image
Update OpenBIOS PPC image to SVN r1063 to fix issues introduced by
commit 9e56edcf. The code change in this revision only affects PPC,
so OpenBIOS SPARC images are not updated.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-28 20:38:39 +02:00
Aurelien Jarno
54cddd21b0 target-ppc: fix altivec instructions
Altivec instructions are not working anymore in PowerPC emulation,
following commit d15f74fb, which inverted two registers in the call
to helper. Fix that.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-28 18:49:22 +02:00
munkyu.im
13ef70f64e audio/winwave: previous audio buffer should be flushed
Winwave audio backend has problem with pausing and restart audio out.
Unlike other backends, Winwave pausing API does not flush audio buffer.
As a result, the previous audio data are played in front of
user expected sound when user restart audio.
So changes it to waveOutReset()

Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-08-28 19:11:28 +04:00
Ronnie Sahlberg
135b908878 iscsi: Set number of blocks to 0 for blank CDROM devices
The number of blocks of the device is used to compute the device size
in bdrv_getlength()/iscsi_getlength().
For MMC devices, the ReturnedLogicalBlockAddress in the READCAPACITY10
has a special meaning when it is 0.
In this case it does not mean that LBA 0 is the last accessible LBA,
and thus the device has 1 readable block, but instead it means that the
disc is blank and there are no readable blocks.

This change ensures that when the iSCSI LUN is loaded with a blank
DVD-R disk or similar that bdrv_getlength() will return the correct
size of the device as 0 bytes.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
2012-08-28 14:50:08 +02:00
Paolo Bonzini
0f1da449ec scsi: more fixes to properties for passthrough devices
Commit 0384783 (scsi-block: remove properties that are not relevant for
passthrough, 2012-07-09) removed one property that should have been
left there, "bootindex".

It also did not touch scsi-generic, while it should have.

Fix both problems.

Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-28 14:50:08 +02:00
Paolo Bonzini
9ea73f8b10 esp: support 24-bit DMA
SeaBIOS will issue requests for more than 64k when loading a CD-ROM
image into memory.  Support the TCHI register from the AMD PCscsi
spec.

Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-28 14:49:59 +02:00
Hannes Reinecke
fb6541571e megasas: Add 'hba_serial' property
Add a 'hba_serial' property to the megasas driver. Originally
it would be using a pointer value which would break migration.

Reported-by: Stefan Weil <sw@weilnetz.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-28 12:48:39 +02:00
Eric Johnson
36c6711bbe target-mips: allow microMIPS SWP and SDP to have RD equal to BASE
The microMIPS SWP and SDP instructions do not modify GPRs.  So their
behavior is well defined when RD equals BASE.  The MIPS Architecture
Verification Programs (AVPs) check that they work as expected.  This
is required for AVPs to pass.

Signed-off-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-27 22:18:02 +02:00
Eric Johnson
2e15497c5b target-mips: add privilege level check to several Cop0 instructions
The MIPS Architecture Verification Programs (AVPs) check privileged
instructions for the required privilege level.  These changes are needed
to pass the AVP suite.

Signed-off-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-27 22:17:59 +02:00
malc
08406b035e Revert "fix some debug printf format strings"
This reverts commit 145c7c880f.

Signed-off-by: malc <av1474@comtv.ru>
2012-08-27 18:33:24 +04:00
malc
9f227bc358 Revert "vl: fix -hdachs/-hda argument order parsing issues"
This reverts commit 7764ae9671.

Signed-off-by: malc <av1474@comtv.ru>
2012-08-27 18:33:22 +04:00
malc
e4558dcae8 Revert "qemu-options.hx: mention retrace= VGA option"
This reverts commit 39dda26062.

Signed-off-by: malc <av1474@comtv.ru>
2012-08-27 18:33:21 +04:00
malc
df8002103c Revert "vga: add some optional CGA compatibility hacks"
This reverts commit 482f7bf86b.

Signed-off-by: malc <av1474@comtv.ru>
2012-08-27 18:33:20 +04:00
malc
4f213879f3 Revert "i8259: add -no-spurious-interrupt-hack option"
This reverts commit f278d4947f.

Signed-off-by: malc <av1474@comtv.ru>
2012-08-27 18:33:12 +04:00
Richard Henderson
b316728836 mips-linux-user: Always support rdhwr.
The kernel will emulate this instruction if it's not supported
natively.  This insn is used for TLS, among other things, and
so is required by modern glibc.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Cc: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-27 12:17:40 +02:00
Richard Henderson
0516867450 target-mips: Streamline indexed cp1 memory addressing.
We've already eliminated both base and index being zero.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-27 12:17:39 +02:00
Richard Sandiford
13d24f4972 Fix order of CVT.PS.S operands
The FS input to CVT.PS.S is the high half and FT is the low half.
tcg_gen_concat_i32_i64 takes the low half first, so the operands
were in the wrong order.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-27 12:03:18 +02:00
Richard Sandiford
d22d728987 Fix operands of RECIP2.S and RECIP2.PS
Read the second input operand of RECIP2.S and RECIP2.PS from FT rather
than FD.  RECIP2.D is already correct.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-27 12:03:17 +02:00